[BBLISA] slow wan link

Daniel Feenberg feenberg at nber.org
Thu Jun 7 07:37:39 EDT 2012 


On Wed, 6 Jun 2012, Rob Taylor wrote:

> Hi Daniel.
>
> When you say WAN link,  are you referring to a network link between two
> offices at your company, or do you mean your Internet connection?

10 mbs to the ISP over fiber.

> Also, what speed is this link? When you say WAN, I think T1, T3, etc...
> Can you monitor your gear with SNMP or command line to see what
> performance stats on the gear are? Can you throw in a linux box running
> ntop to see the traffic coming and going? Can you do ttcp test just
> over the link itself?
>
> Some network gear can queue smaller "interactive" packets ahead of
> larger bulk transfer packets, to give better response to some
> applications in heavily loaded situations.

There is a Fortigate between us and a vanilla Cisco router, but I don't 
think any traffic shaping is going on. Ping times are still good with 
large packets (1000 bytes).

Dan Ritter mentioned that I shouldn't trust ping for dropped packets. 
Would the router prioritize ICMP over tcp, so that ping would be fine but 
tcp packets would be dropped? Maybe there is a tcp-ping?

>
> Most of the following suggestions are ways to reduce load/optimize the
> use  on the link.
>
> X-windows is not the most network lite protocol out there. I've seen it
> work well on a lan, but very poorly over a slow/high latency link.

We want to try NX, but it doesn't cooperate with our 2-factor 
authentication.

> If you can, have the users try using VNC, or freenx. Both create a
> virtual X desktop on the target machine, and just shows you a mirror of
> it on your desktop which you can disconnect from and reconnect to at
> will. (They are the gui equivalents of screen or tmux)
> The benefit of that is that instead of getting X updates,  your client
> gets smaller raster updates(like rdp), which works better over slow
> links.
> VNC is not encrypted by default, so keep that in mind if it's going to
> go over an untrusted link.
>
> For web traffic, you could setup a squid proxy on a spare machine on
> the lan side of the link. This can share common web traffic among
> clients.

We don't have many users, just users with big files to transfer, so I 
don't think a cache would have much effect.

>
> If your wan gear can't do that, then you can also at traffic shaping
> gear, which can optimize/prioritize the flow of traffic over the link.
> On a network mailing list that I am on, people have mentioned liking
> Netequalizer, which is a inexpensive transparent traffic shaper.
> It tries to make sure that people don't hog the link by default.

I will look at Netwualizer.

>
> Let me know what you discover.
>

Will do, if we figure it out.

dan feenberg
nber

More information about the bblisa mailing list